package com.bdqn.config;


import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;


/**
 * ShiroConfig
 *
 * @author f
 * @since 2021/12/11
 */
@Configuration
public class ShiroConfig {

    @Bean
    public MyShiroRealm myShiroRealm(){ //自定义 Realm
        MyShiroRealm shiroRealm = new MyShiroRealm();
        return shiroRealm;
    }

    @Bean
    public SecurityManager securityManager(){ //安全管理器 SecurityManager
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        //注入 Realm
        securityManager.setRealm(myShiroRealm());
        return securityManager;
    }

    @Bean
    public ShiroFilterFactoryBean shiroFilterFactory(SecurityManager securityManager){ //Shiro 过滤器：权限验证
        ShiroFilterFactoryBean shiroFilterFactory = new ShiroFilterFactoryBean();

        //注入 SecurityManager
        shiroFilterFactory.setSecurityManager(securityManager);

        //权限验证：使用 Filter 控制资源(URL)的访问
        //本次暂不设置过滤器进行权限验证
        return shiroFilterFactory;
    }
}
